Microsoft CryptoAPI

The Cryptography API is implemented as an application-level system that Win32
applications may call for cryptographic services. The applications are thereby insulated
from the business of providing their own algorithms for such things as encryption
and hashing. Against that, the applications are limited to whatever cryptographic
services happen to be available in the current configuration of the CryptoAPI system.

The CryptoAPI system is built in parts. An interface layer is exposed to the
client applications. Underneath are drivers that do the actual work of providing
the cryptographic services. Each such driver is called a Cryptographic Service Provider
(CSP). Microsoft itself supplies some CSPs with the CryptoAPI system.

The first retail package to include the CryptoAPI seems to have been Windows
95 OEM Service Release 2 (OSR2), with NT 4.0 following soon after. The Crypto API
has been a standard feature of both the Windows and NT packages ever since. (For
an aside with arguably non-trivial implications, see The
CryptoAPI and the Original Windows 95 Release.)

Technical Notes

Implementation details, some of which do not seem to be documented explicitly
by Microsoft, may reasonably be matters for public interest, whether for increasing
the CryptoAPI system’s perceived usability or for assessing the quality of a given
CryptoAPI implementation.